Determining platform-specific end-to-end security vulnerabilities for a software application via a graphical user interface (GUI) systems and methods
Abstract
Systems and methods for determining and displaying platform-specific end-to-end security vulnerabilities via a graphical user interface (GUI) are disclosed. To provide users with visual indications of vulnerable computing aspects associated with a computing platform, the system identifies computing aspects associated with a platform. The system then obtains from a security entity, security-vulnerability descriptions that are associated with the platform. Using the security-vulnerability descriptions, the system then determines threat levels for each security-vulnerability description and then, using the determined threat levels, determines a computing aspect impact level for each computing aspect associated with the platform. The system then generates for display on a GUI, a graphical layout comprising each computing aspect impact level for each computing aspect associated with the platform.
Claims
exact text as granted — not AI-modifiedWe claim:
1. A system for determining platform-specific end-to-end security vulnerabilities for software applications via a graphical user interface (GUI), the system comprising:
at least one processor; and
at least one memory coupled to the at least one processor and storing instructions that, when executed by the at least one processor, perform operations comprising:
determining a platform associated with a software application, wherein the platform indicates an ecosystem of computing resources within which the software application executes;
using the determined platform associated with the software application, identifying a set of assessment-domains by comparing a platform identifier of the platform to an assessment-domain-mapping data structure, wherein the assessment-domain-mapping data structure indicates a mapping of one or more platform identifiers to one or more assessment-domains;
obtaining, from a third-party security entity, a set of security-vulnerability responses, wherein each response of the set of security-vulnerability responses indicate at least one security threat associated with a respective assessment domain;
assigning a threat value to each security-vulnerability response of the set of security-vulnerability responses by comparing a respective security-vulnerability response to a platform-specific policy, wherein the platform-specific policy includes a mapping of security-vulnerability responses to a predetermined respective threat level that is specific to one or more assessment-domains associated with a respective platform;
determining, an assessment-domain impact level for each assessment-domain of the set of assessment-domains related to the platform, by computing a weighted average of assigned threat values of the respective assessment-domain; and
generating for display at the GUI, a graphical layout indicating assessment-domain-specific impact levels, wherein the graphical layout includes a graphical representation of each assessment-domain of the set of assessment-domains and a graphical representation of the respective assessment-domain impact level.
2. The system of claim 1 , wherein the instructions when executed by the at least one processor further perform operations comprising:
determining a set of high-impact assessment domains responsive to a respective assessment-domain impact level of a respective assessment-domain exceeding a predetermined threshold value for the respective assessment-domain; and
updating the graphical layout indicating the assessment-domain-specific impact levels to only include a graphical representation of each high-impact assessment-domains of the set of high-impact assessment-domains and a graphical representation of the respective high-impact assessment-domain impact level.
3. The system of claim 1 , wherein the instructions when executed by the at least one processor further perform operations comprising:
determining, for each security-vulnerability response, a system protection mechanism corresponding to the respective security-vulnerability response;
determining, based on the system protection mechanism corresponding to a given security-vulnerability response, a mitigated threat value, wherein the mitigated threat value indicates a level of system protection with respect to a security-vulnerability; and
determining a mitigated-assessment domain impact level for each assessment domain of the set of assessment domains related to the platform using the mitigated threat values.
4. The system of claim 3 , wherein the mitigated-assessment domain impact level for each assessment domain of the set of assessment domains is further determined by:
computing a weighted average of mitigated threat values with respect to a given assessment domain; and
determining the mitigated-assessment domain impact level for the given assessment domain based on the weighted average of mitigated threat values.
5. A computer-implemented method for determining platform-specific end-to-end security vulnerabilities for software platforms via a graphical user interface (GUI), the method comprising:
identifying a set of computing aspects associated with a software platform using a computing-aspect-mapping structure, wherein the computing-aspect-mapping structure indicates a mapping of platforms to computing aspects involved with a processing of network operations;
obtaining, from a security entity, a set of security-vulnerability descriptions, wherein each description of the set of security-vulnerability descriptions indicate security threats associated with the platform;
determining a threat value of each security-vulnerability description of the set of security-vulnerability descriptions by using a platform-specific policy, wherein the platform-specific policy indicates (i) security impact information related to security-vulnerability descriptions and (ii) a mapping of security-vulnerability descriptions to predetermined security threat values that are specific to one or more computing aspects associated with a respective platform;
determining a computing aspect impact level for each computing aspect of the set of computing aspects associated with the platform using the determined threat value for each security-vulnerability description; and
generating for display at a graphical user interface, a graphical layout indicating computing-aspect-specific impact levels, wherein the graphical layout comprises a graphical representation of each computing aspect impact level of each respective computing aspect of the set of computing aspects associated with the platform.
6. The method of claim 5 , further comprising:
determining a set of high-impact computing aspects responsive to a respective computing aspect impact level of a respective computing aspect exceeding a predetermined threshold value for the respective computing aspect; and
updating the graphical layout indicating the computing-aspect-specific impact levels to only include a graphical representation of each high-impact computing aspects of the set of high-impact computing aspects and a graphical representation of the respective high-impact computing aspect impact level.
7. The method of claim 5 , further comprising:
determining, for each security-vulnerability description, a system protection measure corresponding to a respective security-vulnerability description;
determining, based on the system protection measure corresponding to a given security-vulnerability description, a mitigated threat value, wherein the mitigated threat value indicates a level of system protection with respect to a security-vulnerability; and
determining a mitigated-computing-aspect impact level for each computing aspect of the set of computing aspects related to the platform using the mitigated threat values.
8. The method of claim 7 , wherein the mitigated-computing-aspect impact level for each computing aspect of the set of computing aspects is further determined by:
computing a weighted average of mitigated threat values with respect to a given computing aspect; and
determining the mitigated-computing-aspect impact level for the given computing aspect based on the weighted average of mitigated threat values.
9. The method of claim 7 , wherein the mitigated-computing-aspect impact level for each computing aspect of the set of computing aspects is further determined by:
computing a weighted sum of mitigated threat values with respect to a given computing aspect; and
determining the mitigated-computing-aspect impact level for the given computing aspect based on the weighted sum of mitigated threat values.
10. The method of claim 5 , wherein determining the threat value of each security-vulnerability description of the set of security-vulnerability descriptions further comprises:
applying a machine learning model to generate the threat value of each security-vulnerability description of the set of security-vulnerability descriptions by using (i) platform-specific policy information and (ii) the set of security-vulnerability descriptions.
11. The method of claim 5 , further comprising:
applying a machine learning model to generate the computing-aspect-mapping structure using (i) information related to the software platform and (ii) third-party entity security vulnerability information, wherein the computing-aspect-mapping structure maps the security vulnerability information from the third-party entity to computing aspects associated with the software platform.
12. One or more non-transitory computer-readable media comprising instructions that, when executed by one or more processors, cause operations comprising:
identifying a set of computing aspects associated with a software platform using a computing-aspect-mapping structure, wherein the computing-aspect-mapping structure indicates a mapping of platforms to computing aspects involved with a processing of network operations;
obtaining, from a security entity, a set of security-vulnerability descriptions, wherein each description of the set of security-vulnerability descriptions indicate security threats associated with the platform;
determining a threat value of each security-vulnerability description of the set of security-vulnerability descriptions by using a platform-specific policy, wherein the platform-specific policy indicates (i) security impact information related to security-vulnerability descriptions and (ii) a mapping of security-vulnerability descriptions to predetermined security threat values that are specific to one or more computing aspects associated with a respective platform;
determining a computing aspect impact level for each computing aspect of the set of computing aspects associated with the platform using the determined threat value for each security-vulnerability description; and
generating for display at a graphical user interface, a graphical layout indicating computing-aspect-specific impact levels, wherein the graphical layout comprises a graphical representation of each computing aspect impact level of each respective computing aspect of the set of computing aspects associated with the platform.
13. The media of claim 12 , wherein the operations further comprise:
determining a set of high-impact computing aspects responsive to a respective computing aspect impact level of a respective computing aspect exceeding a predetermined threshold value for the respective computing aspect; and
updating the graphical layout indicating the computing-aspect-specific impact levels to only include a graphical representation of each high-impact computing aspects of the set of high-impact computing aspects and a graphical representation of the respective high-impact computing aspect impact level.
14. The media of claim 12 , wherein the operations further comprise:
determining, for each security-vulnerability description, a system protection measure corresponding to a respective security-vulnerability response;
determining, based on the system protection measure corresponding to a given security-vulnerability description, a mitigated threat value, wherein the mitigated threat value indicates a level of system protection with respect to a security-vulnerability; and
determining a mitigated-computing-aspect impact level for each computing aspect of the set of computing aspects related to the platform using the mitigated threat values.
15. The media of claim 14 , wherein the mitigated-computing-aspect impact level for each computing aspect of the set of computing aspects is further determined by:
computing a weighted average of mitigated threat values with respect to a given computing aspect; and
determining the mitigated-computing-aspect impact level for the given computing aspect based on the weighted average of mitigated threat values.
16. The media of claim 14 , wherein the mitigated-computing-aspect impact level for each computing aspect of the set of computing aspects is further determined by:
computing a weighted sum of mitigated threat values with respect to a given computing aspect; and
determining the mitigated-computing-aspect impact level for the given computing aspect based on the weighted sum of mitigated threat values.
17. The media of claim 12 , wherein determining the threat value of each security-vulnerability description of the set of security-vulnerability descriptions further comprises:
applying a machine learning model to generate the threat value of each security-vulnerability description of the set of security-vulnerability descriptions by using (i) platform-specific policy information and (ii) the set of security-vulnerability descriptions.
18. The media of claim 12 , wherein the operations further comprise:
applying a machine learning model to generate the computing-aspect-mapping structure using (i) information related to the software platform and (ii) third-party entity security vulnerability information, wherein the computing-aspect-mapping structure maps the security vulnerability information from the third-party entity to computing aspects associated with the software platform.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.